Information Systems Auditor Training Course

This course is designed to equip attendees with the skills to build organizational resilience against a wide range of threats, enabling effective incident response, sustained business operation availability, and the protection of organizational interests.

Who is it for:

This qualification is designed for security professionals seeking to grasp the technical and business dimensions of their role, as well as anyone aspiring to work in security architecture.

• System Administrators aiming to transition into security architecture roles
• Technical architects looking to specialise in security architecture

Additionally, this certificate provides a complimentary certification for individuals who have attained or are pursuing CCP status in Information Assurance.

What will I learn:

Upon completion, candidates will be able to:

• Analyze the business environment and identify information risks relevant to the systems.
• Describe and implement security design principles.
• Identify information risks emerging from potential solution architectures.
• Design alternative architectures or countermeasures to mitigate identified information risks.
• Ensure that proposed architectures and countermeasures effectively address the identified information risks.
• Apply standard security techniques and architectures to mitigate security risks.
• Develop new architectures that mitigate risks associated with emerging technologies and business practices.
• Provide consultancy and advice to clarify Information Assurance and architectural challenges.
• Configure ICT systems in compliance with approved security architectures.

Target Audience:

This certification is designed for professionals engaged in the fields of information security and information assurance.

Learning Outcomes:

Upon completion, candidates will demonstrate the ability to:

• Articulate how effective information risk management delivers significant business value.
• Utilize and explain information risk management terminology with clarity.
• Perform threat and vulnerability assessments, business impact analyses, and risk assessments.
• Apply the fundamental principles of controls and risk treatment.
• Present findings in a structured format suitable for developing a risk treatment plan.
• Implement information classification schemes effectively.

Description:

CISA® stands as the world's most renowned and widely recognised certification for professionals operating within the fields of IT audit and IT risk consulting.

Our CISA course is an intensive, highly competitive, and exam-focused training programme. Drawing on our experience of delivering over 150 CISA training sessions in Europe and globally, and having trained more than 1,200 delegates, Net Security has developed its in-house CISA training materials with the primary objective of ensuring delegates pass the ISACA CISA® Exam. Our methodology emphasises a deep understanding of CISA IS auditing concepts, coupled with extensive practice using question banks released by ISACA over the past three years. Over time, CISA-qualified professionals have seen tremendous demand from leading accounting firms, global banks, advisory firms, assurance departments, and internal audit teams.

While delegates may possess years of experience in IT auditing, the approach to solving CISA questionnaires relies entirely on their grasp of globally accepted IT assurance practices. The CISA exam is notably challenging due to the tight margin between two plausible answers, a scenario where ISACA tests your understanding of global IT auditing practices. To address these challenges, we employ expert trainers with extensive experience in delivering CISA training worldwide.

The Net Security CISA manual covers all exam-relevant concepts, case studies, and Q&A sections across the five CISA domains. Furthermore, the trainer provides key supporting materials throughout the course, including relevant CISA notes, question banks, a CISA glossary, videos, revision documents, exam tips, and CISA mind maps.

Goal:

The ultimate aim is to help you pass your CISA examination on the first attempt.

Objectives:

• Apply gained knowledge in a practical manner that benefits your organisation.
• Deliver audit services in compliance with IT audit standards.
• Provide assurance regarding leadership, organisational structure, and processes.
• Provide assurance on the acquisition, development, testing, and implementation of IT assets.
• Provide assurance on IT operations, including service operations and third-party management.
• Provide assurance on the organisation’s security policies, standards, procedures, and controls to ensure the confidentiality, integrity, and availability of information assets.

Target Audience:

Finance/CPA professionals, IT professionals, Internal & External auditors, and information security and risk consulting professionals.

This training is delivered as a workshop enriched with substantial theoretical knowledge. The curriculum aligns with the official CISA certification framework. Throughout the workshop, case studies will be analyzed to address specific issues in depth. Instruction is conducted in English (with Polish available upon request), utilizing the ISACA handbook as the primary resource.
 

Scope of CISA Exam Content:

• Information System Auditing Process (21%)
• Governance and Management of IT (17%)
• Information Systems Acquisition, Development, and Implementation (12%)
• Information Systems Operation and Business Resilience (23%)
• Protection of Information Assets (27%)

Exam Duration: 4 hours
Format: Multiple-choice test
Number of Questions: 200

To claim the CISA qualification, you must fulfill the following requirements: 

1. Successfully pass the CISA exam, achieving a score of 450 or higher.
2. Adhere to the ISACA Code of Professional Ethics
3. Commit to complying with the CISA Continuing Professional Education Policy
4. Acquire at least five years of professional work experience in information systems auditing, control, or security.
5. Comply with Information Systems Auditing Standards

If you have passed the exam and believe you meet these criteria, you may begin the certification application process via this page.
A processing fee of $50 applies to the application.

Additionally, there is an annual fee required to maintain your certification. The cost is $40 per year for ISACA members and $75 for non-members.

This instructor-led, live training in Portugal (online or onsite) is designed for beginner to intermediate system administrators and security professionals who wish to learn how to implement Cloudflare for content delivery and cloud security, as well as mitigate DDoS attacks.

By the end of this training, participants will be able to:

• Configure Cloudflare for their websites.
• Set up DNS records and SSL certificates.
• Implement Cloudflare for content delivery and caching.
• Protect their websites from DDoS attacks.
• Implement firewall rules to restrict traffic to their websites.

Description:

This course is designed as an intensive and rigorous exam preparation for ISACA’s Certified in Risk and Information Systems Control (CRISC) examination. The syllabus covers the latest four domains of the CRISC framework, with a strong emphasis on exam success. Participants attending the course will also receive copies of the official ISACA CRISC Review Manual and the Question, Answer & Explanation (Q&A&E) supplements. The Q&A&E material is particularly valuable for helping candidates understand ISACA’s question format, the type of responses expected, and for accelerating the assimilation of key concepts.

The technical skills and practices promoted and evaluated by ISACA for the CRISC certification form the foundation for success in this profession. Holding the CRISC certification attests to your professional competence and expertise. As demand grows for professionals with risk and control expertise, ISACA’s CRISC has become the preferred certification for individuals and organisations worldwide. The CRISC credential signals a distinguished commitment to serving both an enterprise and one’s chosen profession.

Objectives:

• To assist you in passing the CRISC examination on your first attempt.
• To demonstrate your commitment to delivering exceptional service to an enterprise.
• To leverage the increasing demand for risk and control expertise, enabling certification holders to secure better career positions and higher salaries.

You will learn:

• How to help enterprises achieve their business objectives by designing, implementing, monitoring, and maintaining risk-based, efficient, and effective IT controls.
• The technical skills and practices promoted by CRISC, which serve as the building blocks for success in the field.

This instructor-led, live training in Portugal (online or onsite) is aimed at intermediate-level IT professionals who wish to enhance their skills in identifying and managing IT risk and implementing information systems controls, and prepare for the CRISC certification exam.

By the end of this training, participants will be able to:

• Understand the governance and risk management aspects of IT.
• Conduct IT risk assessments and implement risk responses.
• Design and implement information systems controls.
• Prepare effectively for the CRISC certification exam.

This instructor-led, live training in Portugal (online or onsite) is aimed at supply chain professionals who wish to establish effective control and oversight of their supply chain, especially as it relates to cybersecurity.

By the end of this training, participants will be able to:

• Understand the security oversights that can bring about significant damage and disruption to a supply chain.
• Break down a complex security problem into manageable and actionable parts.
• Address common supply chain vulnerabilities by analyzing high risk areas and engaging with stakeholders.
• Adopt best practices in securing a supply chain.
• Noticeably reduce or eliminate the biggest risks to an organization's supply chain.

This instructor-led, live training in Portugal (online or onsite) is designed for intermediate to advanced IT professionals and business leaders seeking to develop a structured approach to managing data breaches.

Upon completion of this training, participants will be able to:

• Comprehend the causes and consequences of data breaches.
• Develop and implement strategies to prevent data breaches.
• Establish an incident response plan to contain and mitigate breaches.
• Conduct forensic investigations and assess the impact of breaches.
• Meet legal and regulatory requirements for breach notification.
• Recover from data breaches and enhance security postures.

This instructor-led live training in Portugal (online or onsite) is targeted at developers and administrators seeking to develop software and products that are HiTRUST compliant.

By the end of this training, participants will be able to:

• Understand the core concepts of the HiTrust CSF (Common Security Framework).
• Identify the HITRUST CSF administrative and security control domains.
• Learn about the different types of HiTrust assessments and scoring.
• Understand the certification process and requirements for HiTrust compliance.
• Know the best practices and tips for adopting the HiTrust approach.

This training course demonstrates how risk assessment for information security is conducted by integrating information from ISO/IEC 27005:2022 and ISO/IEC 27001. Alongside theoretical knowledge, the course includes practical exercises, quizzes, and case studies, making it a highly engaging learning experience.

Description:

Designed as a 'Practitioner' level course, this programme places significant emphasis on practical exercises intended to reinforce theoretical concepts and build delegates' confidence in executing business continuity management. The curriculum is also crafted to stimulate debate and facilitate the exchange of knowledge and experience among participants.
Participants will gain invaluable insights from our trainers, who are practicing business continuity management experts and ISO 22301:2019 specialists with extensive practical experience.

Delegates will learn how to:

• Articulate the necessity of business continuity management (BCM) across all types of organisations
• Define the business continuity lifecycle
• Manage a business continuity programme
• Gain a thorough understanding of their organisation to identify mission-critical impact areas
• Determine the organisation's business continuity strategy
• Establish a business continuity response
• Exercise, maintain, and review plans
• Embed business continuity within an organisation
• Define terms and definitions specific to business continuity

Upon completion of the course, delegates will possess a comprehensive understanding of all key components of business continuity management. They will be equipped to return to their professional roles and make a substantial contribution to their organisation's business continuity management process.

This instructor-led live training in Portugal (online or onsite) is designed for security engineers who aim to utilize IBM Qradar SIEM to address pressing security use cases.

Upon completing this training, participants will be capable of:

• Monitoring enterprise data across both on-premise and cloud environments.
• Automating security intelligence to proactively hunt threats and mitigate risks.
• Effectively detecting, identifying, and prioritizing threats.

This instructor-led, live training in Portugal (online or onsite) is aimed at developers who wish to integrate Snyk into their development tools to find and fix security issues in their code.

By the end of this training, participants will be able to:

• Understand the features and structure of Snyk.
• Use Snyk to find and fix code security issues.
• Integrate Snyk in a software development lifecycle.